aivault-mcp 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Mohammed Shomis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,172 @@
+# 🔐 AIVault
+
+**Stop pasting API keys into AI chat.**
+
+AIVault is an [MCP server](https://modelcontextprotocol.io) that lets AI agents use your credentials **without ever seeing them**. The AI references secrets by name (`$GITHUB_TOKEN`), AIVault injects the real values at runtime, and scrubs them from the output before the AI sees anything.
+
+Works with **Claude Desktop**, **Kiro**, **Cursor**, **Windsurf**, and any MCP-compatible client.
+
+---
+
+## The Problem
+
+Every day, developers paste API keys, database passwords, and tokens directly into AI chat. This is a massive security risk — those secrets end up in logs, training data, and who knows where else.
+
+## The Solution
+
+```
+You:    "Deploy my app to AWS"
+AI:     calls run_command → "aws s3 cp ./build s3://my-bucket"
+AIVault: ✅ Injects $AWS_ACCESS_KEY_ID and $AWS_SECRET_ACCESS_KEY as env vars
+         ✅ Runs the command
+         ✅ Scrubs any leaked secrets from output
+         ✅ Returns clean result to AI
+AI:     "Done! All files uploaded to S3."
+```
+
+The AI never sees your actual credentials. Ever.
+
+---
+
+## Quick Start
+
+### 1. Install
+
+```bash
+npm install -g aivault-mcp
+```
+
+### 2. Initialize your vault
+
+```bash
+aivault init
+```
+
+### 3. Add your secrets
+
+```bash
+aivault set GITHUB_TOKEN --desc "GitHub PAT for repo access" --tags "github"
+aivault set AWS_ACCESS_KEY_ID --desc "AWS access key" --tags "aws"
+```
+
+### 4. Connect to your AI tool
+
+Add to your MCP config:
+
+```json
+{
+  "mcpServers": {
+    "aivault": {
+      "command": "npx",
+      "args": ["-y", "aivault-mcp"],
+      "env": {
+        "AIVAULT_MASTER_PASSWORD": "your-master-password"
+      }
+    }
+  }
+}
+```
+
+
+| AI Tool | Config File Location |
+|---------|---------------------|
+| Claude Desktop | `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) |
+| Kiro | `~/.kiro/settings/mcp.json` |
+| Cursor | `.cursor/mcp.json` in your project |
+| Windsurf | `~/.windsurf/mcp.json` |
+
+### 5. Done! Ask your AI to use your secrets
+
+> "Check how many users are in my database"
+
+The AI will call `list_secrets`, find your `DB_URL`, run the query with `run_command`, and return scrubbed results.
+
+---
+
+## Web Dashboard
+
+Manage secrets visually instead of the CLI:
+
+```bash
+aivault dashboard
+```
+
+Opens a local web UI at `http://localhost:7470` where you can add, view, and delete secrets from your browser.
+
+---
+
+## How It Works
+
+```
+User ←→ AI (Claude, Kiro, Cursor, etc.)
+              ↓
+         MCP Protocol
+              ↓
+     ┌─────────────────┐
+     │  AIVault MCP     │
+     │                  │
+     │  Secret Store    │  ← AES-256-GCM encrypted local file
+     │  Executor        │  ← Injects secrets as env vars
+     │  Scrubber        │  ← Removes secret values from output
+     └─────────────────┘
+```
+
+### MCP Tools
+
+| Tool | What it does |
+|------|-------------|
+| `list_secrets` | Shows available secrets (name + description only, **never values**) |
+| `run_command` | Runs a shell command with secrets injected as env vars, output scrubbed |
+| `request_secret` | AI asks the user to add a missing secret |
+
+### Security
+
+- 🔒 **Encrypted at rest** — AES-256-GCM with PBKDF2 key derivation (100k iterations, SHA-512)
+- 🚫 **AI never sees values** — only names, descriptions, and tags
+- 🧹 **Output always scrubbed** — raw, URL-encoded, and Base64-encoded values are all caught
+- 💉 **Env var injection only** — secrets are never interpolated into command strings (prevents shell injection)
+- ⏱️ **Timeout enforcement** — commands are killed after 30s (configurable, max 300s)
+- 🏠 **100% local** — no cloud, no network, no telemetry
+
+---
+
+## CLI Reference
+
+```bash
+aivault init                              # Set up vault with master password
+aivault set <NAME> --desc "..." [--tags "a,b"]  # Add or update a secret
+aivault list [--tag "..."]                # List secrets (never shows values)
+aivault delete <NAME>                     # Remove a secret
+aivault dashboard                         # Open web UI
+aivault export-descriptions [--json]      # Export metadata for docs/sharing
+```
+
+Set `AIVAULT_MASTER_PASSWORD` env var to skip password prompts.
+
+---
+
+## Example Interactions
+
+**Using a database:**
+> You: "How many orders were placed today?"
+> AI → `run_command`: `psql $DB_URL -c "SELECT COUNT(*) FROM orders WHERE date = CURRENT_DATE"`
+> Result: `count: 847` (connection string scrubbed)
+
+**Deploying code:**
+> You: "Push my Docker image to ECR"
+> AI → `run_command`: `aws ecr get-login-password | docker login ... && docker push`
+> AWS credentials injected via env vars, never visible to AI
+
+**Missing credential:**
+> You: "Send a Slack notification"
+> AI → `request_secret`: "I need a SLACK_WEBHOOK_URL. Please run: `aivault set SLACK_WEBHOOK_URL --desc 'Slack webhook'`"
+
+---
+
+## License
+
+MIT
+
+---
+
+Built by [Mohammed Shomis](https://github.com/mohshomis) with ❤️ for developers who care about security.

package/dist/cli/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/cli/cli.ts"],"names":[],"mappings":""}

package/dist/cli/cli.js

@@ -0,0 +1,111 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const init_1 = require("./commands/init");
+const set_1 = require("./commands/set");
+const list_1 = require("./commands/list");
+const delete_1 = require("./commands/delete");
+const export_1 = require("./commands/export");
+const dashboard_1 = require("./commands/dashboard");
+const utils_1 = require("./utils");
+async function getPassword() {
+    const envPassword = process.env.AIVAULT_MASTER_PASSWORD;
+    if (envPassword)
+        return envPassword;
+    return (0, utils_1.promptHidden)('Master password: ');
+}
+function parseArgs(args) {
+    const command = args[0] || 'help';
+    const positional = [];
+    const flags = {};
+    for (let i = 1; i < args.length; i++) {
+        if (args[i].startsWith('--')) {
+            const key = args[i].slice(2);
+            const value = args[i + 1] && !args[i + 1].startsWith('--') ? args[++i] : 'true';
+            flags[key] = value;
+        }
+        else {
+            positional.push(args[i]);
+        }
+    }
+    return { command, positional, flags };
+}
+function printHelp() {
+    console.log(`
+AIVault — Secure secret management for AI agents
+
+Usage:
+  aivault init                                    Initialize vault with master password
+  aivault set <NAME> --desc "description" [--tags "tag1,tag2"]  Add or update a secret
+  aivault list [--tag "tag"]                      List secrets (names only, never values)
+  aivault delete <NAME>                           Delete a secret
+  aivault dashboard                                Open web UI to manage secrets
+  aivault export-descriptions [--json] [--tag "tag"]  Export secret metadata
+
+Environment:
+  AIVAULT_MASTER_PASSWORD    Master password (avoids interactive prompt)
+`);
+}
+async function main() {
+    const { command, positional, flags } = parseArgs(process.argv.slice(2));
+    switch (command) {
+        case 'init':
+            await (0, init_1.initCommand)();
+            break;
+        case 'set': {
+            const name = positional[0];
+            if (!name) {
+                console.error('Usage: aivault set <NAME> --desc "description" [--tags "tag1,tag2"]');
+                process.exit(1);
+            }
+            const desc = flags.desc || flags.description;
+            if (!desc) {
+                console.error('Error: --desc is required.');
+                process.exit(1);
+            }
+            const tags = flags.tags ? flags.tags.split(',').map(t => t.trim()) : [];
+            const password = await getPassword();
+            await (0, set_1.setCommand)(name, desc, tags, password);
+            break;
+        }
+        case 'list': {
+            const password = await getPassword();
+            (0, list_1.listCommand)(flags.tag, password);
+            break;
+        }
+        case 'delete': {
+            const name = positional[0];
+            if (!name) {
+                console.error('Usage: aivault delete <NAME>');
+                process.exit(1);
+            }
+            const password = await getPassword();
+            await (0, delete_1.deleteCommand)(name, password);
+            break;
+        }
+        case 'export-descriptions': {
+            const password = await getPassword();
+            (0, export_1.exportCommand)(flags.json === 'true', flags.tag, password);
+            break;
+        }
+        case 'dashboard': {
+            const password = await getPassword();
+            (0, dashboard_1.dashboardCommand)(password);
+            break;
+        }
+        case 'help':
+        case '--help':
+        case '-h':
+            printHelp();
+            break;
+        default:
+            console.error(`Unknown command: ${command}`);
+            printHelp();
+            process.exit(1);
+    }
+}
+main().catch((err) => {
+    console.error('Fatal error:', err.message);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli/cli.ts"],"names":[],"mappings":";;;AACA,0CAA8C;AAC9C,wCAA4C;AAC5C,0CAA8C;AAC9C,8CAAkD;AAClD,8CAAkD;AAClD,oDAAwD;AACxD,mCAAuC;AAEvC,KAAK,UAAU,WAAW;IACxB,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACxD,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IACpC,OAAO,IAAA,oBAAY,EAAC,mBAAmB,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IAClC,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YAChF,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;CAab,CAAC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAExE,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,MAAM;YACT,MAAM,IAAA,kBAAW,GAAE,CAAC;YACpB,MAAM;QAER,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAC;gBACrF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,WAAW,CAAC;YAC7C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACxE,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;YACrC,MAAM,IAAA,gBAAU,EAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YAC7C,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;YACrC,IAAA,kBAAW,EAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACjC,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;YACrC,MAAM,IAAA,sBAAa,EAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACpC,MAAM;QACR,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;YACrC,IAAA,sBAAa,EAAC,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC1D,MAAM;QACR,CAAC;QAED,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;YACrC,IAAA,4BAAgB,EAAC,QAAQ,CAAC,CAAC;YAC3B,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI;YACP,SAAS,EAAE,CAAC;YACZ,MAAM;QAER;YACE,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;YAC7C,SAAS,EAAE,CAAC;YACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/cli/commands/dashboard.d.ts

@@ -0,0 +1,2 @@
+export declare function dashboardCommand(password: string): void;
+//# sourceMappingURL=dashboard.d.ts.map

package/dist/cli/commands/dashboard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dashboard.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/dashboard.ts"],"names":[],"mappings":"AAwGA,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CA6DvD"}

package/dist/cli/commands/dashboard.js

@@ -0,0 +1,155 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dashboardCommand = dashboardCommand;
+const http_1 = __importDefault(require("http"));
+const store_1 = require("../../vault/store");
+const PORT = 7470;
+function html(store, message) {
+    let secrets = [];
+    try {
+        secrets = store.listSecrets();
+    }
+    catch { }
+    const rows = secrets.map(s => `
+    <tr>
+      <td><code>${esc(s.name)}</code></td>
+      <td>${esc(s.description)}</td>
+      <td>${s.tags.map(t => `<span class="tag">${esc(t)}</span>`).join(' ')}</td>
+      <td>
+        <form method="POST" action="/delete" style="margin:0">
+          <input type="hidden" name="name" value="${esc(s.name)}">
+          <button type="submit" class="btn-delete" onclick="return confirm('Delete ${esc(s.name)}?')">Delete</button>
+        </form>
+      </td>
+    </tr>`).join('');
+    const banner = message ? `<div class="banner">${esc(message)}</div>` : '';
+    return `<!DOCTYPE html>
+<html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>AIVault Dashboard</title>
+<style>
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: #0d1117; color: #e6edf3; padding: 2rem; }
+  h1 { font-size: 1.6rem; margin-bottom: .3rem; }
+  .subtitle { color: #8b949e; margin-bottom: 1.5rem; font-size: .9rem; }
+  .banner { background: #1a7f37; color: #fff; padding: .6rem 1rem; border-radius: 6px; margin-bottom: 1rem; }
+  .card { background: #161b22; border: 1px solid #30363d; border-radius: 8px; padding: 1.5rem; margin-bottom: 1.5rem; }
+  table { width: 100%; border-collapse: collapse; }
+  th { text-align: left; color: #8b949e; font-size: .8rem; text-transform: uppercase; padding: .5rem .8rem; border-bottom: 1px solid #30363d; }
+  td { padding: .7rem .8rem; border-bottom: 1px solid #21262d; }
+  code { background: #1c2128; padding: .15rem .4rem; border-radius: 4px; font-size: .85rem; color: #79c0ff; }
+  .tag { background: #1f6feb33; color: #58a6ff; padding: .1rem .5rem; border-radius: 10px; font-size: .75rem; }
+  .empty { color: #8b949e; text-align: center; padding: 2rem; }
+  form.add { display: grid; grid-template-columns: 1fr 2fr 1fr 1fr auto; gap: .6rem; align-items: end; }
+  label { font-size: .8rem; color: #8b949e; display: block; margin-bottom: .2rem; }
+  input[type="text"], input[type="password"] { width: 100%; background: #0d1117; border: 1px solid #30363d; color: #e6edf3; padding: .5rem .7rem; border-radius: 6px; font-size: .85rem; }
+  input:focus { outline: none; border-color: #58a6ff; }
+  .btn { background: #238636; color: #fff; border: none; padding: .55rem 1.2rem; border-radius: 6px; cursor: pointer; font-size: .85rem; }
+  .btn:hover { background: #2ea043; }
+  .btn-delete { background: transparent; color: #f85149; border: 1px solid #f8514933; padding: .3rem .8rem; border-radius: 6px; cursor: pointer; font-size: .8rem; }
+  .btn-delete:hover { background: #f8514922; }
+  .count { color: #8b949e; font-size: .85rem; }
+  @media (max-width: 700px) { form.add { grid-template-columns: 1fr; } }
+</style>
+</head><body>
+  <h1>🔐 AIVault Dashboard</h1>
+  <p class="subtitle">Manage your secrets securely. Values are never displayed.</p>
+  ${banner}
+
+  <div class="card">
+    <h2 style="font-size:1rem;margin-bottom:1rem;">Add Secret</h2>
+    <form class="add" method="POST" action="/add">
+      <div><label>Name</label><input type="text" name="name" placeholder="GITHUB_TOKEN" required pattern="[A-Z][A-Z0-9_]*"></div>
+      <div><label>Description</label><input type="text" name="description" placeholder="GitHub PAT for repos" required></div>
+      <div><label>Value</label><input type="password" name="value" placeholder="••••••••" required></div>
+      <div><label>Tags (comma-separated)</label><input type="text" name="tags" placeholder="github, vcs"></div>
+      <div><label>&nbsp;</label><button type="submit" class="btn">Add</button></div>
+    </form>
+  </div>
+
+  <div class="card">
+    <div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:1rem;">
+      <h2 style="font-size:1rem;">Secrets</h2>
+      <span class="count">${secrets.length} secret${secrets.length !== 1 ? 's' : ''}</span>
+    </div>
+    ${secrets.length === 0
+        ? '<p class="empty">No secrets yet. Add one above.</p>'
+        : `<table><thead><tr><th>Name</th><th>Description</th><th>Tags</th><th></th></tr></thead><tbody>${rows}</tbody></table>`}
+  </div>
+</body></html>`;
+}
+function esc(s) {
+    return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}
+function parseBody(body) {
+    const params = {};
+    for (const pair of body.split('&')) {
+        const [key, ...rest] = pair.split('=');
+        params[decodeURIComponent(key)] = decodeURIComponent(rest.join('=').replace(/\+/g, ' '));
+    }
+    return params;
+}
+function readBody(req) {
+    return new Promise((resolve) => {
+        let data = '';
+        req.on('data', (chunk) => { data += chunk.toString(); });
+        req.on('end', () => resolve(data));
+    });
+}
+function dashboardCommand(password) {
+    const store = new store_1.VaultStore(password);
+    if (!store.isInitialized()) {
+        console.error('Vault not initialized. Run "aivault init" first.');
+        process.exit(1);
+    }
+    const server = http_1.default.createServer(async (req, res) => {
+        const url = req.url || '/';
+        if (req.method === 'GET' && url === '/') {
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(html(store));
+            return;
+        }
+        if (req.method === 'POST' && url === '/add') {
+            const body = await readBody(req);
+            const params = parseBody(body);
+            const { name, description, value, tags } = params;
+            let msg;
+            try {
+                const tagList = tags ? tags.split(',').map(t => t.trim()).filter(Boolean) : [];
+                store.setSecret(name, value, description, tagList);
+                msg = `Secret ${name} saved`;
+            }
+            catch (err) {
+                msg = `Error: ${err.message}`;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(html(store, msg));
+            return;
+        }
+        if (req.method === 'POST' && url === '/delete') {
+            const body = await readBody(req);
+            const params = parseBody(body);
+            const { name } = params;
+            let msg;
+            if (store.deleteSecret(name)) {
+                msg = `Secret ${name} deleted`;
+            }
+            else {
+                msg = `Secret ${name} not found`;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(html(store, msg));
+            return;
+        }
+        res.writeHead(404);
+        res.end('Not found');
+    });
+    server.listen(PORT, '127.0.0.1', () => {
+        console.log(`\n🔐 AIVault Dashboard running at http://localhost:${PORT}\n`);
+        console.log('Press Ctrl+C to stop.\n');
+    });
+}
+//# sourceMappingURL=dashboard.js.map

package/dist/cli/commands/dashboard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dashboard.js","sourceRoot":"","sources":["../../../src/cli/commands/dashboard.ts"],"names":[],"mappings":";;;;;AAwGA,4CA6DC;AArKD,gDAAwB;AACxB,6CAA+C;AAE/C,MAAM,IAAI,GAAG,IAAI,CAAC;AAElB,SAAS,IAAI,CAAC,KAAiB,EAAE,OAAgB;IAC/C,IAAI,OAAO,GAAiE,EAAE,CAAC;IAC/E,IAAI,CAAC;QACH,OAAO,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC,CAAC,CAAC;IAEX,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;;kBAEd,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YACjB,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC;YAClB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,qBAAqB,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;;;oDAGvB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;qFACsB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;;;UAGtF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEnB,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,uBAAuB,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1E,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA+BL,MAAM;;;;;;;;;;;;;;;;4BAgBkB,OAAO,CAAC,MAAM,UAAU,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;;MAE7E,OAAO,CAAC,MAAM,KAAK,CAAC;QACpB,CAAC,CAAC,qDAAqD;QACvD,CAAC,CAAC,gGAAgG,IAAI,kBACxG;;eAEW,CAAC;AAChB,CAAC;AAED,SAAS,GAAG,CAAC,CAAS;IACpB,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3F,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,GAAyB;IACzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,GAAG,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,KAAK,GAAG,IAAI,kBAAU,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,cAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;QAE3B,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;YACxC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;YAC5C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;YAElD,IAAI,GAAW,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC/E,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;gBACnD,GAAG,GAAG,UAAU,IAAI,QAAQ,CAAC;YAC/B,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,GAAG,GAAG,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC;YAChC,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;YAExB,IAAI,GAAW,CAAC;YAChB,IAAI,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,GAAG,GAAG,UAAU,IAAI,UAAU,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,GAAG,GAAG,UAAU,IAAI,YAAY,CAAC;YACnC,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,sDAAsD,IAAI,IAAI,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cli/commands/delete.d.ts

@@ -0,0 +1,2 @@
+export declare function deleteCommand(name: string, password: string): Promise<void>;
+//# sourceMappingURL=delete.d.ts.map

package/dist/cli/commands/delete.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/delete.ts"],"names":[],"mappings":"AAGA,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBjF"}

package/dist/cli/commands/delete.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deleteCommand = deleteCommand;
+const store_1 = require("../../vault/store");
+const utils_1 = require("../utils");
+async function deleteCommand(name, password) {
+    const store = new store_1.VaultStore(password);
+    const confirm = await (0, utils_1.promptConfirm)(`Are you sure you want to delete ${name}? (y/N): `);
+    if (!confirm) {
+        console.log('Aborted.');
+        return;
+    }
+    try {
+        const deleted = store.deleteSecret(name);
+        if (deleted) {
+            console.log(`\n✓ Secret ${name} deleted`);
+        }
+        else {
+            console.error(`Error: Secret ${name} not found.`);
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=delete.js.map

package/dist/cli/commands/delete.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete.js","sourceRoot":"","sources":["../../../src/cli/commands/delete.ts"],"names":[],"mappings":";;AAGA,sCAqBC;AAxBD,6CAA+C;AAC/C,oCAAyC;AAElC,KAAK,UAAU,aAAa,CAAC,IAAY,EAAE,QAAgB;IAChE,MAAM,KAAK,GAAG,IAAI,kBAAU,CAAC,QAAQ,CAAC,CAAC;IAEvC,MAAM,OAAO,GAAG,MAAM,IAAA,qBAAa,EAAC,mCAAmC,IAAI,WAAW,CAAC,CAAC;IACxF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACxB,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,UAAU,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,iBAAiB,IAAI,aAAa,CAAC,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/cli/commands/export.d.ts

@@ -0,0 +1,2 @@
+export declare function exportCommand(json: boolean, tag: string | undefined, password: string): void;
+//# sourceMappingURL=export.d.ts.map

package/dist/cli/commands/export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/export.ts"],"names":[],"mappings":"AAGA,wBAAgB,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAoB5F"}

package/dist/cli/commands/export.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exportCommand = exportCommand;
+const store_1 = require("../../vault/store");
+const utils_1 = require("../utils");
+function exportCommand(json, tag, password) {
+    const store = new store_1.VaultStore(password);
+    try {
+        const secrets = store.listSecrets(tag);
+        if (json) {
+            console.log(JSON.stringify(secrets, null, 2));
+        }
+        else {
+            if (secrets.length === 0) {
+                console.log('No secrets to export.');
+                return;
+            }
+            const rows = secrets.map(s => [s.name, s.description, s.tags.join(', ')]);
+            console.log((0, utils_1.formatTable)(rows, ['NAME', 'DESCRIPTION', 'TAGS']));
+        }
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=export.js.map

package/dist/cli/commands/export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.js","sourceRoot":"","sources":["../../../src/cli/commands/export.ts"],"names":[],"mappings":";;AAGA,sCAoBC;AAvBD,6CAA+C;AAC/C,oCAAuC;AAEvC,SAAgB,aAAa,CAAC,IAAa,EAAE,GAAuB,EAAE,QAAgB;IACpF,MAAM,KAAK,GAAG,IAAI,kBAAU,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAEvC,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1E,OAAO,CAAC,GAAG,CAAC,IAAA,mBAAW,EAAC,IAAI,EAAE,CAAC,MAAM,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/cli/commands/init.d.ts

@@ -0,0 +1,2 @@
+export declare function initCommand(): Promise<void>;
+//# sourceMappingURL=init.d.ts.map

package/dist/cli/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/init.ts"],"names":[],"mappings":"AAGA,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CA4BjD"}

package/dist/cli/commands/init.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initCommand = initCommand;
+const store_1 = require("../../vault/store");
+const utils_1 = require("../utils");
+async function initCommand() {
+    console.log('Initializing AIVault...\n');
+    let password = process.env.AIVAULT_MASTER_PASSWORD;
+    if (!password) {
+        password = await (0, utils_1.promptHidden)('Set master password: ');
+        if (!password) {
+            console.error('Error: Password cannot be empty.');
+            process.exit(1);
+        }
+        const confirm = await (0, utils_1.promptHidden)('Confirm master password: ');
+        if (password !== confirm) {
+            console.error('Error: Passwords do not match.');
+            process.exit(1);
+        }
+    }
+    try {
+        const store = new store_1.VaultStore(password);
+        store.init();
+        console.log('\n✓ Vault initialized at ~/.aivault/');
+        console.log('  Use "aivault set <NAME> --desc <description>" to add secrets.');
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=init.js.map

package/dist/cli/commands/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../src/cli/commands/init.ts"],"names":[],"mappings":";;AAGA,kCA4BC;AA/BD,6CAA+C;AAC/C,oCAAwC;AAEjC,KAAK,UAAU,WAAW;IAC/B,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAEzC,IAAI,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAEnD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,MAAM,IAAA,oBAAY,EAAC,uBAAuB,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAY,EAAC,2BAA2B,CAAC,CAAC;QAChE,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,kBAAU,CAAC,QAAQ,CAAC,CAAC;QACvC,KAAK,CAAC,IAAI,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IACjF,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/cli/commands/list.d.ts

@@ -0,0 +1,2 @@
+export declare function listCommand(tag: string | undefined, password: string): void;
+//# sourceMappingURL=list.d.ts.map

package/dist/cli/commands/list.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/list.ts"],"names":[],"mappings":"AAGA,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAiB3E"}

package/dist/cli/commands/list.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.listCommand = listCommand;
+const store_1 = require("../../vault/store");
+const utils_1 = require("../utils");
+function listCommand(tag, password) {
+    const store = new store_1.VaultStore(password);
+    try {
+        const secrets = store.listSecrets(tag);
+        if (secrets.length === 0) {
+            console.log(tag ? `No secrets found with tag "${tag}".` : 'No secrets in vault.');
+            return;
+        }
+        const rows = secrets.map(s => [s.name, s.description, s.tags.join(', ')]);
+        console.log((0, utils_1.formatTable)(rows, ['NAME', 'DESCRIPTION', 'TAGS']));
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=list.js.map